The Credential Phishing Handbook Why It Still Works and 4 Steps to Prevent It

IntroductionPhishing is more than 20 years old, but still represents more than 90% of targeted attacks. The reason is simple: it works.

Nearly one in four people who receive a phishing email open it. Even more alarming: more than 10% will click on the malicious link or open the weaponized attachment that the phishing email contains. That means an attacker has to send only 10 messages to have a 90% probability of catching and compromising a user. The average-sized organization loses $3.7 million to phishing scams per year, according to the Ponemon Institute. And those are just the tangible costs.

HOW PHISHING Works: Trends and tacticsWhile other cyber attacks have become more advanced in a technical sense, phishing has grown more advanced in terms of how it exploits human behavior. They are getting past traditional filters and into corporate inboxes. And they are being clicked, regardless of the amount of user-awareness training. Here are four techniques used in phishing attacks:

Pretending to be from the targeted

users’ IT department

Targeting specific users and departments

Using weaponized documents embedded

with malicious macros

Working in conjunction with

watering-hole attacks

WHo Attackers Target: FOLLOWING THE MONEYAttackers go where the money is: payment and financial service firms make up 40% of targeted phishing attacks. Internet service firms are also popular targets because compromised domain-name and hosting services enable future attacks.

While attackers send phishing email throughout targeted organizations, click-through rates vary by department and job function. Surprisingly, some the most conscientious workers are among the most likely to click, especially when the phishing email appeals to their sense of urgency, efficiency, and order.

Phishing attacks make money in a variety of ways. Some sell stolen credentials. Others trade in confidential documents. And still others use the stolen credentials to make fraudulent financial transactions.

WHY PHISHING ATTACKS SUCCEED:EXPLOITING HUMAN NATUREAttackers are using all kinds of tricks to get their weaponized links and documents past the filters and firewalls that are trying to keep them out. Here are a few:

Getting past the filters with fast-changing URLs and domains and much smaller campaigns that don’t trigger spam controls

Impersonating friends and colleagues

Impersonating URLs and websites

Large-scale social engineering research using public information to craft convincing email

Reduce the attack surface Deploy tools that monitor and analyze messages, URLs, attachments, and user clicks using static code and dynamic behavioral techniques.

Expand your defense coveragewith cloud-based defenses that protect your people wherever they work.

Take advantage of Big Data and machine-learning Techniques to predictively catch emerging and never- before-seen attacks before the user clicks.

Get better visibility into your environment and the broader threat landscape. Real-time threat intelligence and a view of threat activity on your systems help you respond and recover faster. Deploy tools that help you understand who is being targeted by what threats, which threats made it through your defenses, and who has been hit.

HOW TO STOP PHISHING ATTACKS: RECOMMENDATIONS

Your people are now the primary exploit target. You need to protect them the way they work and identify assets and risks before you are compromised. Here are some ways to combat phishing attacks:

GET EMAIL PROTECTION BUILT FOR THE WAY YOU WORKWith an increasing amount of sensitive and confidential information—and an expanding attack surface of devices, cloud apps, and mobile locations—you cannot afford to rely on traditional defenses. Innovative new tools operate within the work flow, monitoring URLs and attachments, sharing real-time threat intelligence, and watching user activity on and off your corporate network.

Targeted attack protection helps you detect, mitigate, and respond to these threats before they succeed.

To learn more about how Proofpoint can help you stop credential phishing, download our white paper, Hook, Line, and Sinker: How Credential Phishing is Changing and How to Stop It at www.proofpoint.com.

About ProofpointProofpoint Inc. (NASDAQ:PFPT) is a leading next-generation security and compliance company that provides cloud-based solutions for comprehensive threat protection, incident response, secure communications, social media security, compliance, archiving and governance. Organizations around the world depend on Proofpoint’s expertise, patented technologies and on-demand delivery system. Proofpoint protects against phishing, malware and spam, while safeguarding privacy, encrypting sensitive information, and archiving and governing messages and critical enterprise information.

More information is available at www.proofpoint.com

© Proofpoint, Inc., 2016. Proofpoint is a trademark of Proofpoint, Inc. in the United States and other countries. All other trademarks contained herein are property of their respective owners.